ACTI Create Report-Indicator Associations
This Playbook is part of the Accenture CTI v2 Pack.#
Supported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
- This sub-playbook makes the connections between ACTI indicators (from ACTI Indicator API) and ACTI intelligence reports (from ACTI Report API) that have pulled into an XSOAR incident via the Enrich Incidents with Indicators and Enrich Incidents with Intelligence Reports sub-playbooks.
- This sub-playbook cannot be integrated into generic XSOAR playbooks and playbooks from other vendors by itself. It is dependent upon the Enrich Incidents with Indicators and Enrich Incidents with Intelligence Reports sub-playbooks.
Dependencies#
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks#
This playbook does not use any sub-playbooks.
Integrations#
This playbook does not use any integrations.
Scripts#
- CreateIndicatorRelationship
- GetIndicatorDBotScore
- Exists
Commands#
This playbook does not use any commands.
Playbook Inputs#
| Name | Description | Default Value | Required |
|---|---|---|---|
| IP | IP address after enrichment. | ${IP.Address} | Optional |
| IA | Intelligence Alert uuid(s). | ${intelligence_alerts}.None | Optional |
| IR | Intelligence Report uuid(s). | ${intelligence_reports}.None | Optional |
| URL | URL address after enrichment. | ${URL.Data} | Optional |
| Domain | Domain name after enrichment. | ${Domain.Name} | Optional |
Playbook Outputs#
There are no outputs for this playbook.
Playbook Image#
